apiVersion: v1
kind: List
items:
- apiVersion: v1
  kind: ServiceAccount
  metadata:
    name: dockergc
  # You must grant privileged via: oc adm policy add-scc-to-user -z dockergc privileged
  # in order for the dockergc to access the docker socket and root directory
- apiVersion: extensions/v1beta1
  kind: DaemonSet
  metadata:
    name: dockergc
    labels:
      app: dockergc
  spec:
    updateStrategy:
      type: RollingUpdate
    template:
      metadata:
        labels:
          app: dockergc
        name: dockergc
      spec:
{# Only set nodeSelector if the dict is not empty #}
{% if openshift_crio_docker_gc_node_selector %}
        nodeSelector:
{% for k,v in openshift_crio_docker_gc_node_selector.items() %}
          {{ k }}: "{{ v }}"{% endfor %}{% endif %}

        serviceAccountName: dockergc
        containers:
        - image: {{ openshift_docker_gc_image }}
          command:
          - "/usr/bin/oc"
          args:
          - "ex"
          - "dockergc"
          - "--image-gc-low-threshold=60"
          - "--image-gc-high-threshold=80"
          - "--minimum-ttl-duration=1h0m0s"
          securityContext:
            privileged: true
          name: dockergc
          resources:
            requests:
              memory: 30Mi
              cpu: 50m
          volumeMounts:
          - name: docker-root
            readOnly:  true
            mountPath: /var/lib/containers/docker
          - name: docker-socket
            readOnly:  false
            mountPath: /var/run/docker.sock
        volumes:
        - name: docker-root
          hostPath:
            path: /var/lib/containers/docker
        - name: docker-socket
          hostPath:
            path: /var/run/docker.sock
